Espionage is occurring in government agencies. Polygraph is one of several tools available that
can be used as an internal control to prevent espionage and identify spies. It is my opinion that
in a security screening polygraph examination, Robert Hansen would have reacted with greater
than 99% certainty. Because, statistically speaking, others taking the test may also react but not
be guilty, other internal control measures, such as FBI investigative resources, would need to be
coupled with the polygraph results before certifying espionage activity. Evaluating whether or
not a security-screening program should be implemented requires an understanding of what the
predicted outcomes would be, an evaluation of what has already occurred in existing programs,
and the costs involved.

A realistic appraisal of the polygraph requires an understanding of its capabilities and limitations.
When making decisions based on polygraph results, one must factor in the confidence levels of
the various outcomes. Security polygraph examinations must be objectively conducted and
evaluated. The examiners must be able to determine the effectiveness of the initial testing, and
know when retesting is warranted. For example, false positives can occur. This is when people
react to the question, but in fact are telling the truth. The skill of the examiner is essential in
recognizing the possibility of a false positive, and the need to take additional measures, such as
retesting. Polygraph is not a perfect science but, in my opinion, it is a very valuable tool to ferret
out those who would commit espionage against the United States.

How much confidence can we have in a single security polygraph examination?

Confidence starts with estimates of validity. An estimate of validity can be established from
laboratory studies and by projecting the experiences of actual testing. Next, you must estimate
the base rate, or the percentage of a population that bears the characteristic we are seeking.
Prior studies indicate that the polygraph has an accuracy rate between 90% and 99%.
Estimates of the number of spies in any organization vary. My estimate in 1994 was there might
be a maximum of 3 spies in a population of 10,000.

Based on the results of scientific studies, when conducting a screening polygraph, you will have
high confidence (99.99 %) on decisions to clear people. In other words, the error rate on those
who pass the test is very miniscule. These conclusions are labeled no deception indicated (NDI)
or no specific reactions (NSPR). On the other hand, when a person registers deceptive (DI) or
specific reactions (SPR) on the exam, the confidence level decreases to 2.9%. This occurs
because statistically, a rather large percentage of the deceptive reactions will be false positives
on the initial test. The benefit of polygraph screening, at this point, is that you will identify a
smaller pool of people who “potentially” could be committing espionage. It is then possible to
concentrate your security resources by applying other internal control measures, such as
investigation, to the smaller group who reacted on the test. Additional polygraph testing and
investigation should reduce the number of potential spies even further. Actual testing results
should help us identify how many unresolved cases exist and the costs of resolving them.

Traditionally, reexaminations have been part of clearing those who react on their first
examination, and are presumed to effectively reduce the number of false positives. The DOD
annual report suggests that most of these reactions are cleared through admissions. It is likely a
number of security violation type of admissions would be made and would be resolved. It is also
likely a number would not, however skilled interviewers might still might uncover the spy. In my
opinion even with high validity assumptions, 5 to 10 % of your population will not successfully
complete the initial examination. Subsequent reexaminations should resolve a number of cases
and reduce these percentages. Substantial resources would have to be expended on any
unresolved cases.

Countermeasures

The danger from countermeasures, while real, is overstated. I believe laboratory studies
overstate the effectiveness of countermeasures. The psychological dynamics of actual testing,
as well as anti-countermeasure methods used in the field, are overlooked when assumptions
are made regarding the effectiveness of countermeasures. In order for the anti-countermeasure
methods to be effective, they must remain classified.

Polygraph Program Effectiveness

There has been criticism in the past that polygraph-screening programs just routinely pass
everyone and that the effort is symbolic only to create a false sense of security. Experts in the
field of polygraph have spent considerable time conducting studies and have determined
various statistical probabilities based on scientific modalities. Therefore, by analyzing a specific
polygraph program’s prior testing results and comparing these results to the statistical
probabilities, one could determine if that specific polygraph program is effective or ineffective.

Conclusion

The use of the polygraph as an aid to investigations and not a substitute for it is a
well-established policy. To solve an extremely difficult investigative and security problem
requires the use of internal controls and the use of all investigative tools. I believe a
well-managed polygraph program is part of the solution.